MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65550f6d0ffec8421f703cdc7273d9c0563b3d480fe6702bad294a18afe72143. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SilentEncryptor


Vendor detections: 11


Intelligence 11 IOCs YARA 9 File information Comments

SHA256 hash: 65550f6d0ffec8421f703cdc7273d9c0563b3d480fe6702bad294a18afe72143
SHA3-384 hash: fea8eacda4a9e1f5466f63b71bd7eeea4cac172649f8c86f619c15586040032ec4dfdea473451d2c9cc32acac847d6a2
SHA1 hash: c8f4474d91fe1a957887a51f212a8fd0d158c282
MD5 hash: 6f8647bbb9fb933a367abf32a6c6821d
humanhash: cold-nebraska-oxygen-yankee
File name:65550f6d0ffec8421f703cdc7273d9c0563b3d480fe6702bad294a18afe72143
Download: download sample
Signature SilentEncryptor
File size:77'312 bytes
First seen:2026-06-30 13:50:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:klMa8RKqtKy0TGDSYH2aOB724eQdG1T9WvCfACRXPik7:YMjtoY4ic81T9MCfACRXPj7
TLSH T10273C3043BF94118F1FFAF756DF1A5544A79BA175831D64E0989214E0E32BC0CEA2B7B
TrID 44.6% (.EXE) Win64 Executable (generic) (6522/11/2)
14.0% (.ICL) Windows Icons Library (generic) (2059/9)
13.8% (.EXE) OS/2 Executable (generic) (2029/13)
13.7% (.EXE) Generic Win/DOS Executable (2002/3)
13.6% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter Threatray
Tags:exe SilentEncryptor

Intelligence


File Origin
# of uploads :
1
# of downloads :
207
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_65550f6d0ffec8421f703cdc7273d9c0563b3d480fe6702bad294a18afe72143.exe
Verdict:
No threats detected
Analysis date:
2026-06-30 13:52:21 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
91.7%
Tags:
hiddentears ransomware dropper virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Connection attempt to an infection source
DNS request
Connection attempt
Sending an HTTP GET request
Query of malicious DNS domain
Sending a TCP request to an infection source
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-05-04T14:42:00Z UTC
Last seen:
2026-07-01T17:52:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.Win32.Generic HEUR:Trojan-Spy.MSIL.Agent.gen
Verdict:
inconclusive
YARA:
7 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.47 Win 64 Exe x64
Threat name:
ByteCode-MSIL.Ransomware.HiddenTear
Status:
Malicious
First seen:
2026-05-04 19:37:33 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
26 of 36 (72.22%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
silentencryptor
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
65550f6d0ffec8421f703cdc7273d9c0563b3d480fe6702bad294a18afe72143
MD5 hash:
6f8647bbb9fb933a367abf32a6c6821d
SHA1 hash:
c8f4474d91fe1a957887a51f212a8fd0d158c282
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Destructive_Ransomware_Gen1
Author:Florian Roth (Nextron Systems)
Description:Detects destructive malware
Reference:http://blog.talosintelligence.com/2018/02/olympic-destroyer.html
Rule name:Destructive_Ransomware_Gen1_RID31CB
Author:Florian Roth
Description:Detects destructive malware
Reference:http://blog.talosintelligence.com/2018/02/olympic-destroyer.html
Rule name:DetectEncryptedVariants
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:detect_powershell
Author:daniyyell
Description:Detects suspicious PowerShell activity related to malware execution
Rule name:INDICATOR_SUSPICIOUS_EXE_DiscordURL
Author:ditekSHen
Description:Detects executables Discord URL observed in first stage droppers
Rule name:NET
Author:malware-lu
Rule name:pe_no_import_table
Description:Detect pe file that no import table
Rule name:Sus_CMD_Powershell_Usage
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:telebot_framework
Author:vietdx.mb

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments